Mitigating Controls Change Logs
The Mitigating Controls Change Logs report provides an auditable record of creation, deletion, and update events made to the mitigating controls entities and related user mappings for documented exceptions granted to users that have, or may have, sensitive or separation of duties risks within a system.
Downloading a Mitigating Controls Change Log Report
Download a Mitigating Controls Change Log report from the Mitigating Controls – Maintenance page.
- From the left navigation, select Risks > Mitigating Controls.
- Above the table, select Change Logs.
- The date range defaults to one year, midnight to midnight. If you want different dates, adjust the start and end date for your change log.
- The time zone defaults to your local browser time zone. If you want to use a different time zone, adjust the value in that field.
- Select Submit.
- After submitting a change log request, you are directed to the Activity History page.
- On the Change Logs tab, your change log request is running at the top of the table. You can refresh using the Refresh icon/button above the table to refresh the view while retaining any filters you have applied.
- When your report has finished running, the status updates to Success and the Actions column allows you to select Download.
Viewing a Mitigating Controls Change Log
After downloading a Mitigating Controls Change Log, go to your Downloads folder to open the report.
The zip file’s name includes a date and time stamp for the audit period covered by the report, for example from 2024-01-01 040000(UTC) to 2024-12-31 235959(UTC) includes all changes for 2024.
Within the zip file, the report consists of:
- Change Logs.csv - Details of all creations, deletions, and updates
- Properties.csv - Options selected when running the report, including the number of log entries exported.
- Manifest - A folder with digital signatures that can be used to verify the files have not been tampered with when performing completeness and accuracy audit procedures.
- Change Logs.csv.sig - The digital signature file for the change logs themselves.
- Properties.csv.sig - The digital signature file for the properties file.
For each creation, deletion, or update to a mitigating control, a control to risk mapping, a mapping rule to mitigate a user, or a control owner, the change log file includes the following filterable columns:
- Timestamp - When the change was made.
- Mitigating Control - Events for the parent Mitigating Control and all metadata.
- Risk Mapping - Events for mapping a Mitigating Control to a Risk in a specific rulebook.
- Mapping Rule - Events for mapping Controls to Users.
- Owner - Events for specifying who owns a Mitigating Control.
-
Changed Table - The entity that was impacted.
-
Changed Object - Which control was updated for which risk. Entries use [control] > [risk] > [attribute] formatting as a primary key to make clear which entry has been updated.
Note
For each Changed Table, the format of the Changed Object column will vary, depending on the level of detail, to appropriately identify the record impacted.
-
Event Type - Created, updated, or deleted.
- Property Name - Specific property that was updated.
- Changed By - User who made the change.
- Old Value - Value prior to the change. For a record that was newly created, this value is null.
-
New Value - Value after the change. For a record that was deleted, the value is null.
Note
For deleted entitles where optional columns were not populated, both the old and new values would be null for those unused optional columns.
-
Documentation Feedback
Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.